@algovoi/substrate 0.1.0

package/dist/canonicalize.js

@@ -0,0 +1,98 @@
+/**
+ * JCS RFC 8785 canonicalisation with the AlgoVoi-discipline rules.
+ *
+ * The canonicalisation discipline is the shared normative substrate for
+ * x402, AP2, A2A, and MPP receipts, formalised in PR #2436 in
+ * x402-foundation/x402 (three-voice coalition co-signed). This module
+ * wraps the `canonicalize` npm package (v3.0.0) with the discipline's
+ * pre-canonicalisation rules.
+ *
+ * Reference matrix: https://gist.github.com/chopmob-cloud/b327814c4e17ed9fc7b4f29c8bda523c
+ */
+import canonicalizeLib from 'canonicalize';
+import { createHash } from 'node:crypto';
+/**
+ * Pin the discipline version. Receipts emitted under this substrate carry
+ * this string in their canon_version field so a year-five verifier can pick
+ * the correct re-canonicalisation rule from the retained bytes alone.
+ */
+export const CANON_VERSION = 'jcs-rfc8785-v1';
+export class CanonicalizationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CanonicalizationError';
+    }
+}
+/**
+ * Walk obj and enforce AlgoVoi-discipline pre-canonicalisation type rules:
+ * - object keys must be strings
+ * - only JSON-canonicalisable types are accepted (null, boolean, number,
+ *   string, array, plain object)
+ *
+ * Strict-integer-fields enforcement (timestamp_ms etc.) is done at the
+ * per-schema layer rather than universally here.
+ */
+function validateTypes(obj, path = '$') {
+    if (obj === null)
+        return;
+    if (typeof obj === 'boolean')
+        return;
+    if (typeof obj === 'number')
+        return;
+    if (typeof obj === 'string')
+        return;
+    if (Array.isArray(obj)) {
+        for (let i = 0; i < obj.length; i++) {
+            validateTypes(obj[i], `${path}[${i}]`);
+        }
+        return;
+    }
+    if (typeof obj === 'object') {
+        for (const [k, v] of Object.entries(obj)) {
+            // Object.entries always yields string keys; this guard is for safety
+            // around prototype-pollution edge cases in user-supplied objects.
+            if (typeof k !== 'string') {
+                throw new CanonicalizationError(`non-string object key at ${path}: ${typeof k}`);
+            }
+            validateTypes(v, `${path}.${k}`);
+        }
+        return;
+    }
+    throw new CanonicalizationError(`non-canonicalisable type at ${path}: ${typeof obj}`);
+}
+/**
+ * Return the canonical JCS string representation of obj.
+ *
+ * Applies AlgoVoi-discipline pre-canonicalisation type validation, then
+ * delegates to canonicalize (RFC 8785) for the canonical bytes.
+ *
+ * Throws CanonicalizationError on type-validation failure.
+ */
+export function canonicalize(obj) {
+    validateTypes(obj);
+    const out = canonicalizeLib(obj);
+    if (out === undefined) {
+        // canonicalize() returns undefined for values that JSON.stringify would
+        // also drop (e.g. functions, undefined values at the root). The
+        // discipline does not allow those at any level; this is belt-and-braces.
+        throw new CanonicalizationError('object is not JCS-canonicalisable (canonicalize returned undefined)');
+    }
+    return out;
+}
+/**
+ * Return the canonical JCS UTF-8 bytes of obj as a Uint8Array.
+ */
+export function canonicalizeBytes(obj) {
+    return new TextEncoder().encode(canonicalize(obj));
+}
+/**
+ * Return the lowercase hex SHA-256 of the JCS canonical bytes of obj.
+ *
+ * This is the substrate primitive used by action_ref, compliance receipts,
+ * audit chain entries, and the composite trust-query algorithm. The string
+ * is plain hex without an algorithm prefix.
+ */
+export function sha256Jcs(obj) {
+    return createHash('sha256').update(canonicalize(obj)).digest('hex');
+}
+//# sourceMappingURL=canonicalize.js.map

package/dist/canonicalize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../src/canonicalize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,eAAe,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAyB,CAAC;AAEvD,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,SAAS,aAAa,CAAC,GAAY,EAAE,IAAI,GAAG,GAAG;IAC7C,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO;IACzB,IAAI,OAAO,GAAG,KAAK,SAAS;QAAE,OAAO;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,EAAE,CAAC;YACpE,qEAAqE;YACrE,kEAAkE;YAClE,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,qBAAqB,CAC7B,4BAA4B,IAAI,KAAK,OAAO,CAAC,EAAE,CAChD,CAAC;YACJ,CAAC;YACD,aAAa,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,IAAI,qBAAqB,CAC7B,+BAA+B,IAAI,KAAK,OAAO,GAAG,EAAE,CACrD,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,aAAa,CAAC,GAAG,CAAC,CAAC;IACnB,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,wEAAwE;QACxE,gEAAgE;QAChE,yEAAyE;QACzE,MAAM,IAAI,qBAAqB,CAC7B,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,GAAY;IACpC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC"}

package/dist/compliance-receipt.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Compliance receipt shape matching AlgoVoi's production /compliance/screen.
+ *
+ * The categorical outcome (ALLOW / REFER / DENY) is load-bearing for the
+ * retention layer (UK POCA 2002 s.330 SAR distinction). A score/tier
+ * projection would lose that property and break year-five auditability.
+ */
+export declare const SCREEN_RESULTS: readonly ["ALLOW", "REFER", "DENY"];
+export type ScreenResult = (typeof SCREEN_RESULTS)[number];
+export declare class ComplianceReceiptError extends Error {
+    constructor(message: string);
+}
+export interface ComplianceReceipt {
+    payer_ref: string;
+    screen_result: ScreenResult;
+    screen_timestamp_ms: number;
+    screen_provider_did: string;
+    jurisdiction_flags: string[];
+    canon_version: string;
+}
+export interface BuildComplianceReceiptInput {
+    payer_ref: string;
+    screen_result: string;
+    screen_timestamp_ms: number;
+    screen_provider_did: string;
+    jurisdiction_flags: string[];
+    canon_version?: string;
+}
+/**
+ * Build a validated compliance receipt object.
+ *
+ * screen_result must be one of ALLOW, REFER, DENY -- the categorical
+ * outcome is load-bearing for downstream regulatory obligations.
+ *
+ * payer_ref is expected to be a content-addressed identity reference
+ * (e.g. "sha256:<hex>") rather than cleartext identity content.
+ *
+ * jurisdiction_flags is treated as ordered -- ["UK","EU"] and ["EU","UK"]
+ * produce distinct canonical bytes per RFC 8785 §3.2.3.
+ */
+export declare function buildComplianceReceipt(input: BuildComplianceReceiptInput): ComplianceReceipt;
+//# sourceMappingURL=compliance-receipt.d.ts.map

package/dist/compliance-receipt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-receipt.d.ts","sourceRoot":"","sources":["../src/compliance-receipt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,eAAO,MAAM,cAAc,qCAAsC,CAAC;AAClE,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE3D,qBAAa,sBAAuB,SAAQ,KAAK;gBACnC,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,YAAY,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,2BAA2B;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA+CD;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,2BAA2B,GACjC,iBAAiB,CAqBnB"}

package/dist/compliance-receipt.js

@@ -0,0 +1,71 @@
+/**
+ * Compliance receipt shape matching AlgoVoi's production /compliance/screen.
+ *
+ * The categorical outcome (ALLOW / REFER / DENY) is load-bearing for the
+ * retention layer (UK POCA 2002 s.330 SAR distinction). A score/tier
+ * projection would lose that property and break year-five auditability.
+ */
+import { CANON_VERSION } from './canonicalize.js';
+export const SCREEN_RESULTS = ['ALLOW', 'REFER', 'DENY'];
+export class ComplianceReceiptError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ComplianceReceiptError';
+    }
+}
+function requireNonEmptyString(field, value) {
+    if (typeof value !== 'string' || value.length === 0) {
+        throw new ComplianceReceiptError(`${field} must be a non-empty string`);
+    }
+    return value;
+}
+function requireIntTimestampMs(value) {
+    if (typeof value !== 'number') {
+        throw new ComplianceReceiptError(`screen_timestamp_ms must be epoch-millisecond integer (Substrate Rule 1), got ${typeof value}`);
+    }
+    if (!Number.isFinite(value) || !Number.isInteger(value)) {
+        throw new ComplianceReceiptError(`screen_timestamp_ms must be epoch-millisecond integer (Substrate Rule 1), got ${value}`);
+    }
+    if (value < 0) {
+        throw new ComplianceReceiptError(`screen_timestamp_ms must be non-negative, got ${value}`);
+    }
+    return value;
+}
+function requireJurisdictionFlags(value) {
+    if (!Array.isArray(value)) {
+        throw new ComplianceReceiptError(`jurisdiction_flags must be array, got ${typeof value}`);
+    }
+    for (let i = 0; i < value.length; i++) {
+        const code = value[i];
+        if (typeof code !== 'string' || code.length === 0) {
+            throw new ComplianceReceiptError(`jurisdiction_flags[${i}] must be a non-empty string`);
+        }
+    }
+    return [...value];
+}
+/**
+ * Build a validated compliance receipt object.
+ *
+ * screen_result must be one of ALLOW, REFER, DENY -- the categorical
+ * outcome is load-bearing for downstream regulatory obligations.
+ *
+ * payer_ref is expected to be a content-addressed identity reference
+ * (e.g. "sha256:<hex>") rather than cleartext identity content.
+ *
+ * jurisdiction_flags is treated as ordered -- ["UK","EU"] and ["EU","UK"]
+ * produce distinct canonical bytes per RFC 8785 §3.2.3.
+ */
+export function buildComplianceReceipt(input) {
+    if (!SCREEN_RESULTS.includes(input.screen_result)) {
+        throw new ComplianceReceiptError(`screen_result must be one of ${JSON.stringify([...SCREEN_RESULTS])}, got ${JSON.stringify(input.screen_result)}`);
+    }
+    return {
+        payer_ref: requireNonEmptyString('payer_ref', input.payer_ref),
+        screen_result: input.screen_result,
+        screen_timestamp_ms: requireIntTimestampMs(input.screen_timestamp_ms),
+        screen_provider_did: requireNonEmptyString('screen_provider_did', input.screen_provider_did),
+        jurisdiction_flags: requireJurisdictionFlags(input.jurisdiction_flags),
+        canon_version: requireNonEmptyString('canon_version', input.canon_version ?? CANON_VERSION),
+    };
+}
+//# sourceMappingURL=compliance-receipt.js.map

package/dist/compliance-receipt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-receipt.js","sourceRoot":"","sources":["../src/compliance-receipt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAU,CAAC;AAGlE,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAoBD,SAAS,qBAAqB,CAAC,KAAa,EAAE,KAAc;IAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,sBAAsB,CAC9B,GAAG,KAAK,6BAA6B,CACtC,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,sBAAsB,CAC9B,iFAAiF,OAAO,KAAK,EAAE,CAChG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,sBAAsB,CAC9B,iFAAiF,KAAK,EAAE,CACzF,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,MAAM,IAAI,sBAAsB,CAC9B,iDAAiD,KAAK,EAAE,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,sBAAsB,CAC9B,yCAAyC,OAAO,KAAK,EAAE,CACxD,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAsB,CAC9B,sBAAsB,CAAC,8BAA8B,CACtD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,KAAK,CAAa,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAkC;IAElC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,aAA6B,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,sBAAsB,CAC9B,gCAAgC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAClH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,qBAAqB,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;QAC9D,aAAa,EAAE,KAAK,CAAC,aAA6B;QAClD,mBAAmB,EAAE,qBAAqB,CAAC,KAAK,CAAC,mBAAmB,CAAC;QACrE,mBAAmB,EAAE,qBAAqB,CACxC,qBAAqB,EACrB,KAAK,CAAC,mBAAmB,CAC1B;QACD,kBAAkB,EAAE,wBAAwB,CAAC,KAAK,CAAC,kBAAkB,CAAC;QACtE,aAAa,EAAE,qBAAqB,CAClC,eAAe,EACf,KAAK,CAAC,aAAa,IAAI,aAAa,CACrC;KACF,CAAC;AACJ,CAAC"}

package/dist/composite-trust-query.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Composite trust-query algorithm (PR #2440 in x402-foundation/x402).
+ *
+ * composite_hash = SHA-256(JCS([emitter_rows sorted by source_id, sig excluded]))
+ *
+ * Aggregates trust evidence from multiple emitters into a single canonical
+ * hash. Properties:
+ * - Row ordering invariance (sort-by-source_id).
+ * - Set semantics (subset rows produce a distinct hash).
+ * - Signature exclusion (sig field dropped before serialisation).
+ *
+ * 5-implementation cross-validation:
+ * https://gist.github.com/chopmob-cloud/f2e9f0877b7d9fff70c8eca46e4ce636
+ */
+export declare class CompositeTrustQueryError extends Error {
+    constructor(message: string);
+}
+export interface EmitterRow {
+    source_id: string;
+    [key: string]: unknown;
+    sig?: unknown;
+}
+/**
+ * Return the lowercase hex composite_hash for a set of emitter rows.
+ *
+ * Steps (per PR #2440 §composite-hash):
+ *   1. Strip the sig field from each row.
+ *   2. Sort rows by source_id (lexicographic).
+ *   3. JCS-canonicalise the resulting array.
+ *   4. SHA-256 the canonical bytes.
+ *
+ * Output is plain hex without an algorithm prefix.
+ */
+export declare function compositeTrustQueryHash(rows: readonly EmitterRow[]): string;
+//# sourceMappingURL=composite-trust-query.d.ts.map

package/dist/composite-trust-query.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composite-trust-query.d.ts","sourceRoot":"","sources":["../src/composite-trust-query.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAElB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAkBD;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,SAAS,UAAU,EAAE,GAAG,MAAM,CAwB3E"}

package/dist/composite-trust-query.js

@@ -0,0 +1,64 @@
+/**
+ * Composite trust-query algorithm (PR #2440 in x402-foundation/x402).
+ *
+ * composite_hash = SHA-256(JCS([emitter_rows sorted by source_id, sig excluded]))
+ *
+ * Aggregates trust evidence from multiple emitters into a single canonical
+ * hash. Properties:
+ * - Row ordering invariance (sort-by-source_id).
+ * - Set semantics (subset rows produce a distinct hash).
+ * - Signature exclusion (sig field dropped before serialisation).
+ *
+ * 5-implementation cross-validation:
+ * https://gist.github.com/chopmob-cloud/f2e9f0877b7d9fff70c8eca46e4ce636
+ */
+import { sha256Jcs } from './canonicalize.js';
+export class CompositeTrustQueryError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CompositeTrustQueryError';
+    }
+}
+function stripSig(row) {
+    const { sig, ...rest } = row;
+    void sig;
+    return rest;
+}
+function requireSourceId(row) {
+    const src = row['source_id'];
+    if (typeof src !== 'string' || src.length === 0) {
+        throw new CompositeTrustQueryError('every emitter row must carry a non-empty string source_id');
+    }
+    return src;
+}
+/**
+ * Return the lowercase hex composite_hash for a set of emitter rows.
+ *
+ * Steps (per PR #2440 §composite-hash):
+ *   1. Strip the sig field from each row.
+ *   2. Sort rows by source_id (lexicographic).
+ *   3. JCS-canonicalise the resulting array.
+ *   4. SHA-256 the canonical bytes.
+ *
+ * Output is plain hex without an algorithm prefix.
+ */
+export function compositeTrustQueryHash(rows) {
+    if (rows.length === 0) {
+        throw new CompositeTrustQueryError('composite trust-query requires at least one emitter row');
+    }
+    const stripped = [];
+    for (const row of rows) {
+        if (row === null || typeof row !== 'object' || Array.isArray(row)) {
+            throw new CompositeTrustQueryError(`emitter row must be an object, got ${Array.isArray(row) ? 'array' : typeof row}`);
+        }
+        requireSourceId(row);
+        stripped.push(stripSig(row));
+    }
+    stripped.sort((a, b) => {
+        const sa = a['source_id'];
+        const sb = b['source_id'];
+        return sa < sb ? -1 : sa > sb ? 1 : 0;
+    });
+    return sha256Jcs(stripped);
+}
+//# sourceMappingURL=composite-trust-query.js.map

package/dist/composite-trust-query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composite-trust-query.js","sourceRoot":"","sources":["../src/composite-trust-query.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAUD,SAAS,QAAQ,CAAC,GAA4B;IAC5C,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC;IAC7B,KAAK,GAAG,CAAC;IACT,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAwB,CAChC,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAA2B;IACjE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAwB,CAChC,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAC/C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,wBAAwB,CAChC,sCAAsC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE,CAClF,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,GAA8B,CAAC,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,GAA8B,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,CAAW,CAAC;QACpC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,CAAW,CAAC;QACpC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,24 @@
+/**
+ * @algovoi/substrate
+ *
+ * AlgoVoi agentic-payments substrate reference implementation.
+ *
+ * - JCS RFC 8785 canonicalisation with the AlgoVoi-discipline rules
+ *   (type-validation pre-canonicalisation, in-band canon_version pin).
+ * - action_ref atomic primitive:
+ *   SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})).
+ * - Composite trust-query algorithm (PR #2440 in x402-foundation/x402).
+ * - Compliance receipt shape matching AlgoVoi's production
+ *   /compliance/screen emission.
+ * - Audit chain primitive: monotonic per-row hash chain with content_hash +
+ *   prev_hash linking, year-five auditability under canon_version pin.
+ *
+ * The substrate runs in production at https://api.algovoi.co.uk/compliance.
+ * Licensed under Apache 2.0.
+ */
+export { CANON_VERSION, CanonicalizationError, canonicalize, canonicalizeBytes, sha256Jcs, } from './canonicalize.js';
+export { ActionRefError, type ActionRefInput, type ActionRefObject, actionRef, actionRefObject, } from './action-ref.js';
+export { CompositeTrustQueryError, type EmitterRow, compositeTrustQueryHash, } from './composite-trust-query.js';
+export { SCREEN_RESULTS, type ScreenResult, ComplianceReceiptError, type ComplianceReceipt, type BuildComplianceReceiptInput, buildComplianceReceipt, } from './compliance-receipt.js';
+export { AuditChainError, type AuditChainRow, appendToChain, verifyAuditChain, } from './audit-chain.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,cAAc,EACd,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,SAAS,EACT,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,wBAAwB,EACxB,KAAK,UAAU,EACf,uBAAuB,GACxB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,KAAK,2BAA2B,EAChC,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EACf,KAAK,aAAa,EAClB,aAAa,EACb,gBAAgB,GACjB,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,24 @@
+/**
+ * @algovoi/substrate
+ *
+ * AlgoVoi agentic-payments substrate reference implementation.
+ *
+ * - JCS RFC 8785 canonicalisation with the AlgoVoi-discipline rules
+ *   (type-validation pre-canonicalisation, in-band canon_version pin).
+ * - action_ref atomic primitive:
+ *   SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})).
+ * - Composite trust-query algorithm (PR #2440 in x402-foundation/x402).
+ * - Compliance receipt shape matching AlgoVoi's production
+ *   /compliance/screen emission.
+ * - Audit chain primitive: monotonic per-row hash chain with content_hash +
+ *   prev_hash linking, year-five auditability under canon_version pin.
+ *
+ * The substrate runs in production at https://api.algovoi.co.uk/compliance.
+ * Licensed under Apache 2.0.
+ */
+export { CANON_VERSION, CanonicalizationError, canonicalize, canonicalizeBytes, sha256Jcs, } from './canonicalize.js';
+export { ActionRefError, actionRef, actionRefObject, } from './action-ref.js';
+export { CompositeTrustQueryError, compositeTrustQueryHash, } from './composite-trust-query.js';
+export { SCREEN_RESULTS, ComplianceReceiptError, buildComplianceReceipt, } from './compliance-receipt.js';
+export { AuditChainError, appendToChain, verifyAuditChain, } from './audit-chain.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,cAAc,EAGd,SAAS,EACT,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,wBAAwB,EAExB,uBAAuB,GACxB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,cAAc,EAEd,sBAAsB,EAGtB,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EAEf,aAAa,EACb,gBAAgB,GACjB,MAAM,kBAAkB,CAAC"}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "@algovoi/substrate",
+  "version": "0.1.0",
+  "description": "AlgoVoi agentic-payments substrate -- JCS canonicalisation, action_ref, composite trust-query, compliance receipts, audit chain",
+  "keywords": [
+    "x402",
+    "ap2",
+    "a2a",
+    "mpp",
+    "jcs",
+    "rfc8785",
+    "canonicalisation",
+    "agentic-payments",
+    "compliance",
+    "audit-chain",
+    "trust-query"
+  ],
+  "homepage": "https://api.algovoi.co.uk",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/chopmob-cloud/algovoi-substrate.git",
+    "directory": "typescript"
+  },
+  "bugs": {
+    "url": "https://github.com/chopmob-cloud/algovoi-substrate/issues"
+  },
+  "license": "Apache-2.0",
+  "author": "AlgoVoi <chopmob@gmail.com>",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist/**/*",
+    "src/**/*",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "clean": "rimraf dist",
+    "prepublishOnly": "npm run clean && npm run build && npm test"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "canonicalize": "^3.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "rimraf": "^5.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^1.6.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/action-ref.ts

@@ -0,0 +1,96 @@
+/**
+ * action_ref atomic primitive.
+ *
+ * action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
+ *
+ * The action_ref is the AlgoVoi-authored canonical action identifier used
+ * across the substrate. Two emitters describing the same logical action
+ * produce the same action_ref by construction.
+ *
+ * - timestamp_ms is enforced as an epoch-millisecond integer per Substrate
+ *   Rule 1. Float, ISO 8601 strings, and negative values are rejected.
+ * - agent_id, action_type, scope are required non-empty strings.
+ * - The preimage shape is fixed at exactly these four fields.
+ */
+
+import { sha256Jcs } from './canonicalize.js';
+
+export class ActionRefError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ActionRefError';
+  }
+}
+
+export interface ActionRefObject {
+  agent_id: string;
+  action_type: string;
+  scope: string;
+  timestamp_ms: number;
+}
+
+function requireString(field: string, value: unknown): string {
+  if (typeof value !== 'string') {
+    throw new ActionRefError(`${field} must be string, got ${typeof value}`);
+  }
+  if (value.length === 0) {
+    throw new ActionRefError(`${field} must be a non-empty string`);
+  }
+  return value;
+}
+
+function requireIntTimestampMs(value: unknown): number {
+  if (typeof value !== 'number') {
+    throw new ActionRefError(
+      `timestamp_ms must be epoch-millisecond integer (Substrate Rule 1), got ${typeof value}`,
+    );
+  }
+  if (!Number.isFinite(value)) {
+    throw new ActionRefError(
+      `timestamp_ms must be a finite number, got ${value}`,
+    );
+  }
+  if (!Number.isInteger(value)) {
+    throw new ActionRefError(
+      `timestamp_ms must be epoch-millisecond integer (Substrate Rule 1), got float ${value}`,
+    );
+  }
+  if (value < 0) {
+    throw new ActionRefError(`timestamp_ms must be non-negative, got ${value}`);
+  }
+  return value;
+}
+
+export interface ActionRefInput {
+  agent_id: string;
+  action_type: string;
+  scope: string;
+  timestamp_ms: number;
+}
+
+/**
+ * Return the validated preimage object for action_ref.
+ *
+ * The four-field shape is fixed by the substrate; extending it produces
+ * a different primitive, not a different action_ref.
+ */
+export function actionRefObject(input: ActionRefInput): ActionRefObject {
+  return {
+    agent_id: requireString('agent_id', input.agent_id),
+    action_type: requireString('action_type', input.action_type),
+    scope: requireString('scope', input.scope),
+    timestamp_ms: requireIntTimestampMs(input.timestamp_ms),
+  };
+}
+
+/**
+ * Return the lowercase hex SHA-256 action_ref.
+ *
+ * action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
+ *
+ * Output is plain hex (no algorithm prefix).
+ */
+export function actionRef(input: ActionRefInput): string {
+  const obj = actionRefObject(input);
+  return sha256Jcs(obj);
+}